CVE-2019-4565

HIGH

IBM Security Key Lifecycle Manager <3.0.1 - Info Disclosure

Title source: llm
STIX 2.1

Description

IBM Security Key Lifecycle Manager 3.0 and 3.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 166626.

References (2)

Scores

CVSS v3 7.5
EPSS 0.0021
EPSS Percentile 42.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-521
Status published
Products (1)
ibm/security_key_lifecycle_manager 3.0 - 3.0.0.2
Published Sep 20, 2019
Tracked Since Feb 18, 2026